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Security Issues and Challenges in Cloud 
Computing 
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Abstract: Cloud computing is a model for enabling ubiquitous, convenient, on-demand neuX^^ccess to a 
shared pool of configurable computing resources such as networks, servers, storage, apcncations, and 
services that can be rapidly provisioned and released with minimal management efft^cr Service provider 
Interaction. Despite the potential gains achieved from the cloud computing, the oifomeations are slow in 
accepting it due to security issues and challenges associated with it. Security i&sye of the major issues 

t a 



Assistant Professor, Christujyothi Institute of Technology & Science, 
Warangal, Telangana, India 



which hamper the growth of cloud. The idea of handing over important ( 



worrisome; such that the consumers need to be vigilant in understandij 
new environment. This paper introduces a detailed analysis of the, 
challenges focusing on the cloud computing types and the service di 
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The "Cloud" is the default symbol of the intern^^vS* diagrams. The broader term of "Computing" 
encompasses Computation, Coordination logic ^SjsJtorage. Cloud computing is a way to increase the 
capacity or add capabilities dynamically withQji^t investing in new infrastructure, training new personnel, or 
licensing new software. It extends Informai/OT^rechnology's (IT) existing capabilities. Cloud computing is 
the delivery of computing services over ^i^Wmernet. Cloud services allow individuals and businesses to use 
software and hardware that are mcj^ge^^y third parties at remote locations. Examples of cloud services 
include online file storage, socia^cetwrldng sites, webmail, and online business applications. 





FIGURE 1: Results of IDC survey ranking security challenges, 2008 [1] 
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Despite of all the hype surrounding the cloud, customers are still reluctant to deploy their business in the 
cloud. Security issues in cloud computing has played a major role in slowing down its acceptance, in fact 
security ranked first as the greatest challenge issue of cloud computing as depicted in figurei 



From one point of view, security could improve due to centralization of data and increased security- focused 
resources. On the other hand concerns persist about loss of control over certain sensitive data, and the lack 
of security for stored kernels entrusted to cloud providers. If those providers have not done gijo^nNjjs 
securing their own environments, the consumers could be in trouble. Measuring the quality oN^ud 
providers' approach to security is difficult because many cloud providers will not expose their in^^rfccture 
to customers. This work is a survey more specific to the different security issues and ^^associated 
challenges that has emanated in the cloud computing system. ^ 

2. Related Works 

Gartner 2008 identified seven security issues that need to be addressed'l^fere enterprises consider 
switching to the cloud computing model. They are as follows: (1) ^Ji^ft8(gee user access - information 
transmitted from the client through the Internet poses a certain de^l^^^T'isk, because of issues of data 

|wHeR ar 



ownership; enterprises should spend time getting to Imow their prc^fcLgre and their regulations as much as 
possible before assigning some trivial applications first to test tlj^^^rer, (2) regulatory compliance - clients 
are accountable for the security of their solution, as they ca^ cMose between providers that allow to be 
audited by 3rd party organizations that check levels of smj^I^ and providers that don't (3) data location - 
depending on contracts, some clients might never lulK^wnat country or what jurisdiction their data is 
located (4) data segregation - encrypted informatiamfrOTn multiple companies may be stored on the same 
hard disk, so a mechanism to separate data sli^^^be deployed by the provider. (5) recovery - every 
provider should have a disaster recovery proic^ to protect user data (6) investigative support - if a client 
suspects faulty activity from the provide^jiSn^ not have many legal ways pursue an investigation (7) long- 
term viability - refers to the ability |p^n^^ a contract and all data if the current provider is bought out by 
another firm. [2] The Cloud Compn^^ Use Case Discussion Group discusses the different Use Case 
scenarios and related requirerrf^j^ that may exist in the cloud model. They consider use cases from 
different perspectives in^dffl^rostomers, developers and security engineers. [3] ENISA investigated the 
different security risks BfflSte(T to adopting cloud computing along with the affected assets, the risks 
likelihood, impacts, a^rfft^OTnerabilities in the cloud computing may lead to such risks. [4] Balachandra et al, 
2009 discussed th^^Arity SLA's specification and objectives related to data locations, segregation and 
data recovery. ^^^Wimir et al, 2010 discussed high level security concerns in the cloud computing model 
such as dat2^lBte^rity, payment and privacy of sensitive information. [6] Bernd et al, 2010 discuss the 
security \4ij^(*abilities existing in the cloud platform. The authors grouped the possible vulnerabilities into 
technc^CT-related . cloud characteristics-related, security controls related. [7] Subashini et al discuss the 
s^uriV challenges of the cloud service delivery model, focusing on the SaaS model. [8] Ragovind et al, 
{2omf discussed the management of security in Cloud computing focusing on Gartner's list on cloud 
security issues and the findings from the International Data Corporation enterprise. [9] Morsy et al, 2010 
investigated cloud computing problems from the cloud architecture, cloud offered characteristics, cloud 
stakeholders, and cloud service delivery models perspectives. [10] A recent survey by Cloud Security Alliance 
(CSA)&IEEE indicates that enterprises across sectors are eager to adopt cloud computing but that security 
are needed both to accelerate cloud adoption on a wide scale and to respond to regulatory drivers. It also 
details that cloud computing is shaping the future of IT but the absence of a compliance environment is 
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having dramatic impact on cloud computing growth, [u] Several studies have been carried out relating to 
security issues in cloud computing but this work presents a detailed analysis of the cloud computing 
security issues and challenges focusing on the cloud computing deployment types and the service delivery 
types. 



3. Security Issues in Cloud Computing 
A. Deployment of cloud services: 

Cloud services are typically made available via a private cloud, community cloud, public cj 
cloud as shown figz. 
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Figure 2: Claud dqiloyment model [13] 
Private cloud 



^^nal enterprise datacenter. In the private cloud, scalable resources 
the cloud vendor are pooled together and available for cloud users to 
irivate cloud can be much more secure than that of the public cloud 
exposure. Only the Organization and designated stakeholders may have 
Private cloud. 

C. Public cloud 



It is set up within an organizati 
and virtual applications providi 
share and use. Utilization 
because of its specified in 
access to operate on a sftlisi 

^ T)f a public cloud computing system is characterized on the one hand by the public 
le cloud service offering and on the other hand by the public network that is used to 
with the cloud service. In addition, public cloud portfolios employ techniques for resource 
n; however, these are transparent for end users and represent a potential threat to the security 
stem. 

D. Hybrid cloud 

A hybrid cloud service deployment model implements the required processes by combining the cloud 
services of different cloud computing systems, e.g. private and public cloud services. The hybrid model is 
also suitable for enterprises in which the transition to full outsourcing has already been completed, for 
instance, to combine community cloud services with public cloud services. 
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E. Cloud Service Models 

Following on the cloud deployment models, the next security consideration relates to the various Cloud 
computing service delivery models. The three main cloud service delivery models are: Infrastructure-as-a- 
Service (laaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). 

(i) Infrastructure as a Service (laaS) ^ 

Infrastructure as a Service is a provision model in which an organization outsources the equipnwit i^ged to 
support operations, including storage, hardware, servers and networldng components. The sejiJP^^rovider 
owns the equipment and is responsible for housing, running and maintaining it. The client^M^^lllv pays on 
a per-use basis. laaS has many characteristics and components such as Utility servic^ano^illing model. 
Automation of administrative tasks. Dynamic scaling. Desktop, policy-based services J^l^^rfbt connectivity. 

(ii) Platform as a Service (PaaS) 

Platform as a Service (PaaS) is a way to rent hardware, operating sys^,^|^%j:c^age and network capacity 
over the Internet. The service delivery model allows the customer t^N^^^rualized servers and associated 
services for running existing applications or developing and testing mevWones. 

Platform as a Service (PaaS) is an outgrowth of Software as a Semfe (SaaS), a software distribution model 
in which hosted software applications are made availabl^^^stomers over the Internet. PaaS has several 
advantages for developers. With PaaS, operating systen»A tures can be changed and upgraded frequently. 



(iii) Soft^H^H^as a Service 

Software as a Service (SaaS) is a software di^Sj^afeon model in which applications are hosted by a vendor or 
service provider and made available to c/§^^ers over a network, typically the Internet. SaaS is becoming an 
increasingly prevalent delivery mo€«f^^fmderlying technologies that support Web semces and service- 
oriented architecture (SQA) mj^re and new developmental approaches, such as Aiax . become popular. 
Meanwhile, broadband service fca»become increasingly available to support user access from more areas 
around the world. ^^^^ 




Fig.2 The following are the additional services provided by the cloud. 
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4. Computing Challenges in Cloud 

A. Security: The current adoption of cloud computing is associated with numerous challenges because 
users are still skeptical about its authenticity. The cloud acts as a big black box, nothing inside the cloud is 
visible to the clients and Clients have no idea or control over what happens inside a cloud Even if the cloud 
provider is honest, it can have malicious system admins who can tamper with the VMs and violate 
confidentiality and integrity Clouds are still subject to traditional data confidentiality, integrity, ava»ilaEiS|', 
and privacy issues, plus some additional attacks. 

B. Costing Model: Pricing is the process of determining what a service provider will recejv'^^^"" 

1 W|hicn% 
s B^^jifli 

dependent in which the customer is charged based on the real time market condi 



user in exchange for their services. The pricing process can be as follows: fixed in w^hich^e customer is 
charged the same amount all the time dynamic, in which the price charged change^^^N|pftcally or market 



ditu^n^ 

C. Service Level Agreement (SLA): Although cloud consumers do not have'^^rol Over the underlying 
computing resources, they do need to ensure the quality, availability, ]^li9hUi*y, and performance of these 
resources when consumers have migrated their core business functiol^^^H^heir entrusted cloud. In other 
words, it is vital for consumers to obtain guarantees from provider^w^i^ice delivery. Typically, these are 
provided through Service Level Agreements (SLAs) negotiated ]^i^)sJn the providers and consumers. The 
very first issue is the definition of SLA specifications in sucfc^lway that has an appropriate level of 
granularity, namely the tradeoffs between expressiveness ai^^omplicatedness, so that they can cover most 
of the consumer expectations and is relatively simple toA^^ighted, verified, evaluated, and enforced by 
the resource allocation mechanism on the cloud. In^Wj^tion, different cloud offerings (laaS, PaaS, and 
SaaS) will need to define different SLA meta speci^atftins. This also raises a number of implementation 
problems for the cloud providers. Furthermore, ^H^^rrced SLA mechanisms need to constantly incorporate 
user feedback and customization features inta^be SLA evaluation framework. 

D. What to migrate: Based on a sur\^^|3femple size = 244) conducted by IDC in 2008, the seven IT 
systems/applications being migrat^lbNie cloud are: IT Management Applications (26.2%), Collaborative 
Applications (25.4%), Personal Applications (25%), Business Applications (23.4%),Applications 
Development and Deployment /if!y8%). Server Capacity (15.6%), and Storage Capacity (15.5%). This result 
reveals that organizations alwNwve security /privacy concerns in moving their data on to the Cloud. 
Currently, peripheral funwl^tsuch as IT management and personal applications are the easiest IT systems 
to move. OrganizatiojjsVj^conservative in employing laaS compared to SaaS. This is partly because 
marginal functions are ^wfen outsourced to the Cloud, and core activities are kept in-house. The survey also 
shows that in ti^dfe^ars' time, 31.5% of the organization will move their Storage Capacity to the cloud. 
However this Iafll|^^er is still relatively low compared to Collaborative Applications (46.3%) at that time. 
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Conclusion 

(^loud computing can be seen as a new phenomenon which is set to revolutionize the way we 
? Internet, there is much to be cautious about. There are many new technologies emerging at a rapid 
rate, each with technological advancements and with the potential of maldng human's lives easier. 
However, one must be very careful to understand the security risks and challenges posed in utilizing these 
technologies. Cloud computing is no exception. In this paper key security considerations and challenges 
which are currently faced in the Cloud computing are highlighted. Cloud computing has the potential to 
become a frontrunner in promoting a secure, virtual and economically viable IT solution in the future. 
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